Privacy Policy

Gentlepass is a letter drafting assistance service serving families across England, Wales, Scotland, and Northern Ireland. This privacy policy applies equally to all users across the United Kingdom. We help people who are dealing with bereavement admin by generating personalised draft letters to organisations such as banks, HMRC, and utility providers.

For data protection purposes, we are the data controller. You can contact us at hello@gentlepass.co.uk.

We collect the following categories of personal data:

• Your name and email address — provided when you create an account or complete our intake form
• The full name of the person who has died and the date of death
• Details you enter into our intake form, such as your address, your relationship to the deceased, information about financial accounts, pensions, and subscriptions
• Payment information — we use Stripe to process payments; we do not store your card number or payment details directly
• Account credentials — email address and encrypted password if you register with email and password

We do not collect sensitive special-category data as defined by GDPR. We recommend you do not enter information beyond what is requested in the form.

We use the data you provide solely to:

• Generate personalised draft letters addressed to organisations relevant to your situation
• Deliver your letter pack and allow you to access it after payment
• Process your payment via Stripe
• Contact you about your account or letter pack if necessary

We use the Anthropic API (Claude) to generate letter content. Information you enter into the intake form is sent to Anthropic's API for the purpose of generating your letters. Anthropic processes this data in accordance with their privacy policy and API terms. We do not use your data to train AI models.

We do not use your data for marketing, profiling, or automated decision-making that produces legal effects about you.

We process your personal data on the following legal bases under UK GDPR, which applies across all four nations of the United Kingdom — England, Wales, Scotland, and Northern Ireland:

• Performance of a contract — to provide the letter drafting service you have purchased
• Legitimate interests — to improve our service and ensure its security
• Legal obligation — where required by law

We retain your personal data and generated letters until you request deletion of your account. If you request account deletion, we will remove your personal data within 30 days, except where we are required to retain certain records for legal or accounting purposes (typically 6 years for financial records).

Session data and intake answers that are not associated with a paid account may be cleared sooner, typically within 90 days of inactivity.

We use the following third-party services to operate Gentlepass:

• Stripe — payment processing. Stripe is PCI-DSS compliant. Your card details are handled directly by Stripe and never touch our servers. Stripe's privacy policy: stripe.com/gb/privacy
• Anthropic API — AI letter generation. The details you enter are sent to Anthropic to generate your personalised letters. Anthropic's privacy policy: anthropic.com/privacy
• Supabase — database and authentication infrastructure. Your account data and generated letters are stored in Supabase. Supabase's privacy policy: supabase.com/privacy

We do not sell, rent, or share your personal data with any other third parties for commercial purposes.

You have the following rights regarding your personal data:

• Right of access — you can request a copy of the personal data we hold about you
• Right to rectification — you can ask us to correct inaccurate data
• Right to erasure — you can ask us to delete your data (subject to legal obligations)
• Right to data portability — you can ask us to provide your data in a machine-readable format
• Right to restrict processing — you can ask us to pause processing of your data in certain circumstances
• Right to object — you can object to processing based on legitimate interests

To exercise any of these rights, email us at hello@gentlepass.co.uk. We will respond within 30 days. If you are unsatisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

We use browser session storage and local storage to save your progress while you complete the intake form and to maintain your session after payment. We do not use advertising or tracking cookies.

We take reasonable technical measures to protect your data, including encrypted connections (HTTPS), secure authentication, and access controls. However, no method of transmission or storage is completely secure and we cannot guarantee absolute security.

We may update this privacy policy from time to time. If we make material changes, we will notify you by email or by a prominent notice on the site. The date at the top of this page indicates when it was last updated.

For any data protection queries or to exercise your rights, contact us at hello@gentlepass.co.uk. We are based in the United Kingdom.